The @torproject have launched an unofficial fork of the Enterprise Onion Toolkit… and I’m broadly okay with that, mostly…
Back in 2015 I instigated and led the team which built the Facebook Onionsite, and helped formalise the availability of .onion TLS/HTTPS certificates.
I left Facebook in 2016 and after some amusing banter at CCC that year, I got more and more into the idea of a “generic onionising proxy” based around ideas I’d seen deployed by Mike Tigas at ProPublica. I built my own framework and a templating language on a cluster of Raspberry Pis, and used various popular websites for test material.
This brings us to early 2017 when the code was still an experiment. Over the summer it became stable and performant enough to convince the New York Times (HT: Runa Sandvik) to launch their own onion service using the tool which I named “The Enterprise Onion Toolkit” or eotk — a purposely descriptive, serious & boring name because my 25+ years in industry had taught me that businesses prefer descriptive, serious, boring names over nerdy puns.
Building the NYT onion offered enough credibility to approach the BBC World Service — which I promptly did — badgering them and consulting/working gratis on the grounds that if they actually paid me for something then they would equally be able to tell me to go away. It took a mere two years of delicate project and relationship management to get the BBC Onionsite to come to fruition (HT Abdallah al-Salmi) launching in late 2019.
A bunch of other Tor Onion sites have sprung up using EOTK, and I’ve been delighted to help out — again, gratis — because I believe in the layer-3 onion networking technology offering unique benefits above and beyond those available to the TCP/IP Internet.
But of course in the background to all of this success has always been The Tor Project (“Tor”) themselves… and frankly I’ve felt that our mutual technology-based relationship could have been more fruitful than it has.
In part this is my fault — though I am not accepting criticism — for finally “getting a life” shortly before pandemic lockdowns began, leading to a tremendous change of life priorities and becoming a parent. I’ve simply not had sufficient (any?) free time for the past 3 years to maintain EOTK, which has heavy reliance upon testing and third-party tooling.
But also… EOTK is open-source (fine) and Tor have been offering it as a service to critical civil society and liberty-related organisations (fine) — yet I rather wish that in such circumstances, where an organisation is making heavy (revenue?) use of it, then perhaps I could have expected a little more human communication than receiving a handful of pull-requests for updates and (this past year) passively watching monthly reports and GitLab updates about setting up their own fork of the code. I’m not aware of any email “outreach” or similar.
I have to compare this to the volume of code – including Kubernetes integration – that was offered by Reddit as a result of their adoption of EOTK, with a lot of mutual geek chatter back and forth in the process. Reddit learned and adopted the technology very thoroughly, and made a fruitful contribution to EOTK in return. So I’m left with the impression that Tor have been delighted to have free engineering and evangelism, but may feel challenged to contribute when such effort was/is not under their control.
Nonetheless: Tor Project are still doing good, and I still have faith in them — albeit they have for some reason superficially rebranded EOTK as onionspray — and they certainly have bandwidth which parenthood denies me, so I feel that it’s likely best for me to just let them pick up the torch.
Aside from anything else: one day soon we are doubtless going to start deprecating HTTP1 by which time there will need to be either a wholesale EOTK rewrite with new technology, or else the websites will have to have seen the value and adopted .onion natively.
Interesting times, ahead.
https://gitlab.torproject.org/tpo/onion-services/onionspray

